DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
November 25, 2005 has been entered. 

2. Claims 1-20 are currently being considered. 

Response to Arguments 

3. Applicant's arguments filed November 25, 2005 have been fully considered but 
they are not persuasive for the following reasons: 

Regarding amended independent claim 1, the applicant argues that the CPA,
Henry et al. (U.S. Patent No. 6,856,800), does not teach the newly added limitations of 
"granting previously authorized non-controlling access" and "granting access to new 
activities and control parameters on the computer device if remote authentication is 
successful." Applicant points to paragraphs 20, 21, and 31 of the U.S. Patent
Publication (US 2003/0093690 A1) of the application. However, there is no mention or
definition of "non-controlling" access in the specification, and the broadest reasonable
interpretation has been applied to this claim in light of the lack of support for the term.

Furthermore, the Applicant argues that CPA does not teach "granting access to
new activities and control parameters if remote authentication is successful." The
support for this limitation, as stated by the Applicant, is in paragraphs 20-21, and 31.
However, in these passages, the invention states that "if access has already been 
granted at step 110, then a successful remote authentication will continue that access 
before returning to step 102 where the system 1 continues working on the authorized 
activity" (paragraph 0031 ). The Examiner interprets this as allowing the user to 
continue perfomiing tasks on the network, and not as giving the user access to 
previously forbidden tasks. Based on this interpretation and the specification, it is 
asserted that the CPA does teach "granting access to new activities and control 
parameters if remote authentication is successful" when the CPA states, that "the AP 
202 locally validates the certificate and will grant temporary access to the mobile host 
200 while querying the home AAA server 204 to determine if the certificate has been 
revoked before it expires" (column 3 lines 19-23). If this authentication is successful,
the client is allowed to continue sending and receiving packets. 

Therefore, the rejection is maintained and applied to the new limitations as given 
below along with any new grounds of rejection. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 1-20 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. The newly added limitations include "granting previously authorized
non-controlling access." There is not sufficient information in the specification to support
what is meant by "non-controlling access" and the term is not explicitly mentioned in any 
passage in the specification. For the purposes of examination, the broadest reasonable 
interpretation is given to the limitation, and the "non-controlling access" is interpreted as 
being access limited in some way. 



Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



5. Claims 1 - 18 are rejected under 35 U.S.C. 102(e) as being anticipated by Henry
et al. (U.S. Patent No. 6,856,800).

Regarding claim 1, Henry discloses:

A secure computer device, comprising: 

"means for locally-authenticating a user of the device" (column 2 lines 12-39, 
column 3 lines 1-9, column 4 lines 3-24), wherein an access point receives an 
authentication credential from a network device (secure computer device) and can 
locally authenticate the user; 

"means for providing granting previously authorized non-controlling 
access to the device if the user is locally authenticated" (Figure 4 item 404, column
3 lines 5-33), wherein the restricted temporary access is restricted in terms of limited 
valid time span, until a remote authentication is sent and can give full access; 

"means for generating a remote authentication request after a successful 
local authentication of the user" (column 3 lines 6-9, column 4 lines 27-30), wherein 
after the local authentication of the user, the access point forwards the submitted
credentials to a remote AAA server, which then performs the entire authentication 
process; and 

"means for granting access to new activities and control parameters on the 
computer device if remote authentication is successful" (Figure 4 item 404, column
3 lines 5-33), wherein the restricted temporary access is restricted in terms of limited 
valid time span, until a remote authentication is sent and can give full access. 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Henry discloses:
The device recited in claim 1, further comprising "means for authorizing the
user in response to the successful local authentication" (column 3 lines 1-9),
wherein the access point can locally authenticate a user and then grant temporary 
access to the user immediately after the successful completion of the local 
authentication process. 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Henry discloses: 

The device recited in claim 2, further comprising "means for withdrawing the 
authorization in response to a reply from the server" (column 3 lines 7-9, column 5 
lines 4-17), wherein the remote server determines if the credentials are valid, and if the 
credentials are determined to be invalid, a message is sent to the access point which 
terminates the user's temporary access. 

Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Henry discloses:
The device recited in claim 1 further comprising "means for updating the local 
authenticating means in response to a reply from the server" (column 3 lines 27-32),
wherein the local database is updated with the revocation information.

Claim 5 is rejected as applied above in rejecting claim 2. Furthermore, Henry discloses: 
The device recited in claim 2 further comprising "means for updating the local 
authenticating means in response to a reply from the server" (column 3 lines 27-32),
wherein the local database is updated with the revocation information.

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Henry discloses:
The device recited in claim 3 further comprising "means for updating the local
authenticating means in response to a reply from the server" (column 3 lines 27-32),
wherein the local database is updated with the revocation information.

6. Claims 7 - 12 are method claims analogous to the apparatus claims 1-6 rejected 
above, and therefore, are rejected following the same reasoning. 

7. Claims 13 - 18 are computer-readable medium claims analogous to the 
apparatus claims 1-6 rejected above, and therefore, are rejected following the same 
reasoning. 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 19-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Henry et al. (U.S. Patent No. 6,856,800) in view of Hosein et al. (U.S. Patent No.
6,430,694).

Regarding claim 19, Henry discloses:

"a client having a client database for locally-authenticating a user" (column
2 lines 12-39, column 3 lines 1-9, column 4 lines 3-24), wherein an access point 
receives an authentication credential from a network device (secure computer device) 
and can locally authenticate the user; 

"an authentication device that grants previously authorized non-controlling 
access if the user is locally authenticated" (Figure 4 item 404, column 3 lines 5-33),
wherein the restricted temporary access is restricted in terms of limited valid time span, 
until a remote authentication is sent and can give full access; 

"a server, in communication with the client, having a server database for 
remotely-authenticating the user in response to a request from the client after a
successful local authentication" (column 3 lines 6-9, column 4 lines 27-30), wherein
after the local authentication of the user, the access point forwards the submitted 
credentials to a remote AAA server, which then performs the entire authentication 
process; 

"wherein the authentication device grants access to new activities and 
control parameters on the computer device if remote authentication is 
successful" (Figure 4 item 404, column 3 lines 5-33), wherein the restricted temporary
access is restricted in terms of limited valid time span, until a remote authentication is
sent and can give full access;

"means for updating the client database according to the results of the
local and remote authentication" (column 3 lines 27-32), wherein the local database
is updated with the revocation information.

Henry does not explicitly disclose "means for limiting a number of times that a 
particular client database and/or record in any, or all, of the client databases will 
be updated during any period of time and/or total number of updates". However, 
Hosein discloses a database system, which is modified to include the ability to limit the 
number of data updates, which may be outstanding to the plurality of distributed 
databases during any particular period of time (column 2 lines 59-67). Henry and 
Hosein are analogous arts in that both utilize database systems. Hosein uses a 
modified database system, which can be implemented on any database to limit the 
number of data updates, which may be outstanding to the plurality of distributed 
databases during any particular period of time. It would have been obvious to modify
the database system of Henry to limit the number of updates in order to avoid the 
possibility of having databases not being synchronized. This would be disadvantageous 
in the system of Henry, because it would be beneficial to have all the local 
authentication clients (access points) to be synchronized with each other, so that a user 
that is being authenticated at one access point would receive the same authentication at 
another access point at approximately the same time (column 2 lines 43-55). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the database system of Henry to include the maximum 
number of outstanding updates, so that the local authentication databases of the local 
authenticating clients would be synchronized. 

Claim 20 is rejected as applied above in rejecting claim 19. Furthermore, Henry 
discloses: 

The secure computer system recited in claim 19, further comprising:
"means for authorizing a user in response to a successful local
authentication" (column 3 lines 1-9), wherein the access point can locally authenticate
a user and then grant temporary access to the user immediately after the successful 
completion of the local authentication process; and 

"means for withdrawing the authorization in response to an unsuccessful 
remote authentication" (column 3 lines 7-9, column 5 lines 4-17), wherein the remote 
server determines if the credentials are valid, and if the credentials are determined to be 
invalid, a message is sent to the access point which terminates the user's temporary 
access. 

Conclusion



9. Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Kaveh Abrishamkar whose telephone number
is 571-272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3786. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).